Access Control Encryption From Group Encryption

Access control encryption (ACE) enforces both read and write permissions. It kills off any unpermitted subliminal message channel via the help of a sanitizer who knows neither of the plaintext, its sender and receivers, nor the access control policy. This work aims to solve the open problem left by the seminal work of Damgard et al. (TCC 2016), namely, "to construct practically interesting ACE from noisy, post-quantum assumptions such as LWE." We start with revisiting group encryption (GE), which allows anyone to encrypt to a certified group member, whom remains anonymous unless the opening authority decided to reveal him/her. We propose: 1) the notion of sanitizable GE (SGE), with specific changes for non-interactive proof, 2) the notion of traceable ACE (tACE), which helps damage control by tracing after-the-fact if some secret were leaked unluckily, 3) a generic construction of (t)ACE for equality policy (ACE-EP) from SGE, 4) a generic construction of ACE for general policy from ACE-EP, 5) a lattice-based instantiation of SGE, which comes with 6) a simple mechanism for checking that the randomness of ciphertexts can span the randomness space.